Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
21-4
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 21 Using the ACL Manager
Using Standard ACLs in the ACL Manager
Step 10 (Optional) Check the Enable Logging check box to enable or disable logging or specify the use of the
default logging settings. If logging is enabled, the Syslog Level and Log Interval fields become available.
a. If logging is enables, choose a logging level to specify logging activity. The default is Informational.
For information about logging levels, see the “Severity Levels” section on page 76-3.
b. Choose a logging interval to display the interval, in seconds, that is used to limit how many messages
at this logging level can be sent.
Step 11 Set the source service (TCP, UDP, and TCP/UDP only).
Step 12 Set the logging interval to establish the number of seconds between log messages. The default is 300.
Step 13 Set the time range during which the rule is applied.
Step 14 Click Apply to save the ACL and ACE to the running configuration.
To see a condensed view of all ACLs in your configuration, click Collapse All below the ACL Manager
window. To see a comprehensive view of all ACLs and ACEs in your configuration, click Expand All.
For information about finding specific ACLs and ACEs in your configuration, see the “Using the Find
Function in the ACL Manager Pane” section on page 3-15.
Using Standard ACLs in the ACL Manager
Standard ACLs identify the destination IP addresses (not source addresses). Standard ACLs cannot be
applied to interfaces to control traffic.
To add a standard ACL to your configuration, perform the following steps:
Step 1 Click Add, and from the drop-down list, choose Add ACL.
Step 2 In the Add ACL dialog box, add a name or number (without spaces) to identify the ACL.
Step 3 Click OK
The ACL name appears in the main pane.
Step 4 Select the newly created ACL, click Add, and from the drop-down list, choose Add ACE.
The Add ACE dialog box appears.
Step 5 (Optional) To specify the placement of the new ACE, select an existing ACE, and click Insert... to add
the ACE before the selected ACE, or click Insert After... to add the ACE after the selected ACE.
Step 6 Click one of the following radio buttons to choose an action:
Permit—Permits access if the conditions are matched.
Deny—Denies access if the conditions are matched.
Step 7 In the Address field, enter the IP address of the destination to which you want to perform or deny access.
You can also browse for the address of a network object by clicking the ellipsis at the end of the Address
field.
Step 8 (Optional) In the Description field, enter a description that makes an ACE easier to understand.
The description can contain multiple lines; however, each line can be no more than 100 characters in
length.